In various embodiments, a method of verifying a multi-factor administrator action may be performed. The method may include receiving, from a first user, an authentication request that indicates a requested access, where the first user has administrative privileges to perform the requested access. The method may further include identifying a second user that has administrative privileges to approve the requested access. A verification request may be to the second user. In response to receiving an approval message from the second user within a particular amount of time, an authentication response that indicates that the first user is authorized to perform the requested access may be sent to the first user.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A non-transitory computer-readable storage medium having computer instructions stored thereon that, when executed by a computer system, cause operations comprising: receiving, from a first administrative user, an authentication request that includes an indication of a requested access, wherein the first administrative user has administrative privileges to perform the requested access; in response to receiving the authentication request, identifying a second administrative user from a plurality of other administrative users authorized to verify authentication requests corresponding to the requested access, wherein the plurality of other administrative users have administrative privileges to approve the requested access; sending, to the second administrative user, a verification request that includes the requested access indication; in response to determining that an approval message from the administrative user has not been received within a particular amount of time, sending, to a third of the plurality of other administrative users, another verification request that includes the requested access indication; and in response to receiving an approval message from the third administrative user, sending, to the first administrative user, an authentication response that indicates that the first administrative user is authorized to perform the requested access.
2. The non-transitory computer-readable storage medium of claim 1 , wherein the requested access includes modifying an encryption key.
3. The non-transitory computer-readable storage medium of claim 1 , wherein the requested access includes modifying at least a particular quantity of data included in a database system.
4. The non-transitory computer-readable storage medium of claim 1 , wherein the first administrative user is authorized to verify authentication requests from other users.
5. The non-transitory computer-readable storage medium of claim 4 , wherein the operations further comprise: in response to receiving, from the second administrative user, a second authentication request that includes a second indication of the requested access, identifying the first administrative user; sending, to the first administrative user, a second verification request that includes the second requested access indication; and in response to receiving a second approval message from the first administrative user within the particular amount of time, sending, to the second administrative user, a second authentication response that indicates that the second administrative user is authorized to perform the requested access.
6. The non-transitory computer-readable storage medium of claim 1 , wherein the requested access includes an action that prevents the second administrative user from accessing a data file.
7. The non-transitory computer-readable storage medium of claim 1 , wherein the identifying includes selecting the second administrative user from a list of administrative users that have administrative privileges to approve the requested access.
8. The non-transitory computer-readable storage medium of claim 1 , wherein the particular amount of time varies based on the requested access.
9. The non-transitory computer-readable storage medium of claim 1 , wherein the authentication request includes an indication of the second administrative user.
10. The non-transitory computer-readable storage medium of claim 1 , wherein the verification request further includes a context comment from the first administrative user regarding the requested access.
11. The non-transitory computer-readable storage medium of claim 1 , wherein sending the authentication response includes sending an indication of a particular period of time during which the first administrative user is authorized to perform the requested access.
12. A method, comprising: receiving, by a computer system from a first user, an authentication request that includes an indication of a requested access; verifying, by the computer system, that the first user has administrative privileges to perform the requested access; identifying, by the computer system, a second user from a plurality of users authorized to verify authentication requests corresponding to the requested access, wherein the plurality of users have administrative privileges to approve the requested access; sending, by the computer system to the second user, a verification request that includes the requested access indication; in response to determining that an approval message from the second user has not been received within a particular amount of time, sending, to a third of the plurality of users, another verification request that includes the requested access indication; and in response to receiving an approval message from the third user, sending, by the computer system to the first user, an authentication response that indicates that the first user is authorized to perform the requested access.
13. The method of claim 12 , wherein the first user is a supervisor of the second user.
14. The method of claim 12 , wherein the particular amount of time is based on the requested access.
15. The method of claim 12 , wherein the requested access includes updating a data object included in a database.
16. A computer system, comprising: one or more processors; and memory having program instructions stored therein that are executable by the one or more processors to cause the computer system to perform operations including: receiving, from a first user, an authentication request that includes an indication of a requested access, wherein the first user has administrative privileges to perform the requested access; identifying a second user from a list of users authorized to verify authentication requests corresponding to the requested access, wherein the users of the list of users have administrative privileges to perform the requested access, and wherein the list of users includes the first user; sending, to the second user, a verification request that includes the requested access indication; in response to determining that an approval message from the second user has not been received within a particular amount of time, sending, to a third user in the list, another verification request that includes the requested access indication; and in response to receiving an approval message from the third user, sending, to the first user, an authentication response that indicates that the first user is authorized to perform the requested access.
17. The computer system of claim 16 , wherein the operations further comprise verifying that the first user has the administrative privileges to perform the requested access.
18. The computer system of claim 16 , wherein the particular amount of time is determined based on the requested access.
19. The computer system of claim 16 , wherein the operations further comprise identifying the list from a plurality of lists corresponding to a plurality of respective requested accesses.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
January 30, 2018
August 25, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.